Myven

Legal

Privacy Policy

This policy is provided in Korean and English. If there is any inconsistency, the Korean version controls.

Effective date: June 24, 2026

Myven Privacy Policy

This policy is provided in Korean and English. If there is any inconsistency, the Korean version controls.

1. Controller and Scope

  1. This policy applies to the Myven website, landing pages, signup and authentication, dashboards, public profiles, bio links, Instagram comments and direct messages (DM) automation, sponsorship proposals, customer support, service emails, product analytics, and security operations.
  2. Myven primarily complies with the Personal Information Protection Act of Korea and also considers other applicable privacy, consumer, e-commerce, communications, and platform rules depending on user location, payment use, or external service connections.
  3. Myven processes personal information only as needed to provide the service, manage accounts, operate public profiles and Instagram integrations, protect security, provide support, send service notices, improve the product, and comply with law. If a user refuses required processing or required processors, Myven may be unable to provide core features such as signup, login, public profiles, and Instagram integrations.
  4. Company and responsible-person information, including the controller, privacy officer, privacy request handler, address, phone, and email, is available on the [Company](/company) page.

2. Purposes, Data, Retention, and Basis

  1. The table below summarizes the purposes, data, retention periods, and legal basis for Myven's personal information processing.
Current Myven processing inventory
PurposeDataRetentionBasis / Nature
Signup, email verification, login, account managementEmail, username, encrypted password, account status, email verification and password reset records, authentication provider, signup/update/deletion recordsUntil account deletion. One-time verification records are retained only while operationally needed after verification or expiration. Direct identifiers are deleted or anonymized when account deletion is processed.Contract performance, security, abuse prevention
Beta signup, waitlist, benefits and coupon eligibilitySignup sequence, beta group, coupon and benefit eligibility, invitation and notice email records, referral signup informationUntil account deletion so that benefits can be provided and confirmed. After deletion, data is deleted or anonymized except where legal retention applies.Service provision, benefit administration, signup requested by the user
Referral links and attributionReferral code, referrer and referred-user relationship, referral status, creation and end recordsUntil account deletion. If the referrer deletes the account, the direct identifying relationship may be anonymized or disconnected.Service feature provision, benefit administration, abuse prevention
Public profiles, bio links, redirects, dashboard editingPublic username, display name, profile image, public visibility, search-engine visibility setting, social links and sponsored linksUntil the user deletes the item or account. Public output is hidden and direct identifiers are deleted or anonymized on account deletion.Contract performance and user-directed publication
Profile images and sponsorship attachmentsFile management information, upload confirmation information, public URL, security scan state, expiration and attachment stateWhile connected to a profile or proposal. Unattached temporary files are subject to deletion after expiration.Service feature provision, malicious file and abuse prevention
Instagram account connection, comments, and direct messages (DM) automationInstagram account identifier, username, profile image, connection status, permissions, integration token, comment and DM events, automation settings, delivery resultsWhile the Instagram connection remains active. Tokens are revoked or disabled on disconnect or deletion, while legal, security, and dispute records may be retained where needed.User-requested Instagram automation, Meta and Instagram policy compliance, security
Sponsorship proposals and transactional featuresCompany, contact name, phone, email, budget, media channels, usage rights, deliverables, AI-generated-content permission, approval criteria, progress status, attachment informationWhile needed for proposal handling, disputes, and abuse prevention. Deletion requests are handled by deletion or anonymization except where legal retention or dispute handling applies.Proposal handling, pre-contract steps, abuse prevention
Public performance analytics and dashboard statisticsVisit, click, link movement, redirect records, visit date, page and link classification information, de-identified information for duplicate-visit detection, suspected abuse informationRetained as needed for service statistics and abuse prevention. Raw access information that directly identifies an individual is not stored.Essential product analytics, performance improvement, abuse prevention
Security, incident response, and service reliabilityError type, request path, processing status, processing time, service environment information, and similar operational recordsRetained as needed for security, incident response, and service reliability. Unnecessary direct identifiers are managed so they are not included in operational records.Security, incident response, service reliability
Customer support, important notices, transactional emailsEmail address provided by the requester, support content, handling records, send/receive/delivery statusRetained after support completion for the period needed for disputes, security, and legal compliance.User request handling, service notices, legal compliance
Paid services, sponsorship contracts, revenue settlement, digital goodsMyven processes buyer name, date of birth, billing country, contact number, payment currency, default language, payment email, payment phone number, membership product, amount, currency, coupons and discounts, payment, billing, refund, PG receipt or sales slip, dispute records, PortOne and payment gateway transaction identifiers, billing key identifiers, payment status, and processing history. Myven does not directly store sensitive payment information such as full card numbers or CVC.On account deletion, direct identifiers are anonymized or separated from the identity layer. However, transaction records that must be retained under e-commerce, tax, accounting, consumer dispute, or similar laws are retained separately under a jurisdiction-specific retention policy, then irreversibly anonymized or deleted after the retention period expires and any legal hold is released.Contract performance, legal obligations, settlement and dispute handling

3. Minors and Legal Representatives

  1. The basic Myven service is provided to Users who are at least 14 years old. Myven does not allow children under 14 to sign up for or use the Service and does not intentionally collect personal information from children under 14.
  2. Members who are at least 14 but under 19 are classified as minor members, and Myven restricts transactional features designated by the Company, including paid services, advertising or sponsorship contracts, revenue settlement, and digital product sales.
  3. Paid services, settlement, advertising or sponsorship, and similar transactional features are provided only to Users who are at least 19 years old and have completed the identity or age verification required by the Company. Myven may process the minimum verification data necessary for this purpose, such as the verification provider result, verification time, and verification status.
  4. If a member under 19, or a User who has not completed identity or age verification, bypasses restrictions and uses paid services or transactional features, Myven may suspend those features and take steps required for contract cancellation, refunds, settlement holds, or similar measures according to applicable law, the Terms, or a separate refund policy.
  5. Myven may require age verification, identity verification, or additional checks at signup or before feature use to protect minors, maintain transaction stability, and comply with law.

4. Deletion and Destruction

  1. When account deletion is requested, Myven disables the account, prevents login, and deletes or anonymizes direct identifiers such as email, username, name, and authentication provider identifiers.
  2. Public profile output, social links, sponsored links, and other public information are hidden, deleted, or anonymized. Legal retention records, dispute records, security audit records, and statistical analytics may be retained, separated, or anonymized where immediate deletion would undermine legal obligations or service integrity.
  3. Payment, refund, PG receipt or sales slip, and dispute records are managed across identity, transaction, evidence, and policy layers. After account deletion, user-facing access is blocked and only the minimum needed identifiers are tokenized or anonymized.
  4. After jurisdiction-specific legal retention periods, disputes, security needs, and legal holds end, retained transaction records are irreversibly anonymized or deleted.
  5. Electronic files are deleted or anonymized in a way that makes recovery difficult. Paper records, if any, are shredded or destroyed by an equivalent method.

5. Sharing

  1. Myven does not sell personal information. Myven does not disclose personal information to third parties except where required by law, requested or consented to by the user, or necessary to provide the service.
  2. If a user connects Instagram, Myven communicates with Meta and Instagram services to perform the requested automation and may exchange account identifiers, permissions, message and comment events, and delivery requests with Meta Platforms, Inc. and its affiliates.
  3. For sponsorship proposals, proposal details such as company, contact information, budget, deliverables, and usage rights are provided to the owner of the relevant public profile for review.

6. Processors

  1. Myven may outsource the following processing to external providers to provide the service. Refusing a required processor may prevent Myven from providing the relevant feature or the service. Optional processors will be separately disclosed or consented to where required when introduced.
Key processors
ProcessorRoleType
Amazon Web Services, Inc. and affiliatesService hosting, data storage, file storage, email delivery, security and incident responseRequired: refusal prevents service provision
Meta Platforms, Inc. and Instagram servicesInstagram account authentication, permission checks, comments and direct messages (DM) related functions requested by the userRequired when using related features: refusal prevents Instagram integration
PostHog, Inc.Not currently used. If introduced, it may process usage records for product analytics, quality improvement, and feature usability analysis.Optional
Google LLCNot currently used. If introduced, it may process usage records for web and product analytics, conversion measurement, and quality improvement.Optional
Email and customer support providersEmail delivery, inquiry receipt, customer support handlingRequired: refusal prevents account verification, security notices, important notices, and support
Korea PortOne Co., Ltd.Payment integration service provision, billing key issuance, payment authorization, billing, refunds, receipts, and dispute processing supportRequired: refusal prevents paid services and transactional features

7. Cross-Border Processing

  1. Myven is hosted in Korea. If Myven uses a service provided outside Korea or a product operated by an overseas provider, Myven will disclose the recipient, country, transferred data, purpose, and retention period in this policy or in the service UI.
Services that may involve cross-border processing
ServiceProcessingType
Meta Platforms, Inc. and InstagramInstagram account identifiers, permissions, comments, and direct messages (DM) may be processed outside Korea while providing Instagram integration features.Required when using related features: refusal prevents Instagram integration
PostHog, Inc.Not currently used. If introduced, product analytics and quality-improvement information may be processed outside Korea, and Myven will provide the required notice before introduction.Optional
Google LLCNot currently used. If introduced, web and product analytics information may be processed outside Korea, and Myven will provide the required notice before introduction.Optional

8. Cookies, Tracking, and Behavioral Data

  1. Myven may use cookies or similar technologies for language preferences, login sessions, security protection, public performance analytics, and abuse prevention.
  2. PostHog and Google Analytics are not currently used. If introduced, Myven will update this policy or the service UI with the collected data, retention period, opt-out or restriction method, and advertising personalization status.
Tracking technologies
TypeDataPurposeRestriction method
Essential cookiesLanguage preference information, login session information, security protection informationLanguage state, login session, security protectionBrowser blocking is possible, but blocking essential cookies may break login, dashboard, and security features.
Myven first-party performance analyticsVisit, click, link movement, redirect records, page and link classification information, de-identified duplicate-visit information, suspected abuse informationCreator dashboard statistics, performance improvement, abuse preventionEssential product analytics and security processing. Refusal may limit public profile and dashboard features.
PostHog if introducedProduct usage events, page movement, clicks, session replay, errors, feature usage, and other configured itemsProduct analytics, feature improvement, incident analysisBrowser blocking, service settings, or support request paths may be available.
Google Analytics if introducedPage and event records, device and browser information, referrer, campaign, approximate location. Myven does not send direct identifiers such as email, phone, real name, or precise location.Web analytics, conversion measurement, quality improvementBrowser cookie restrictions, Google Analytics opt-out tools, service settings, or support request paths may be available.

9. Generative AI

  1. Myven currently does not process personal information in generative AI services. User-entered personal information, Instagram messages, sponsorship proposals, attachments, and dashboard data are not provided to external generative AI models or large language model (LLM) training.
  2. If an AI feature later processes personal information, Myven will update this policy and the service UI before launch to disclose purposes, inputs and outputs, training use, processors, cross-border transfers, opt-out rights, and deletion, correction, and suspension methods.

10. Automated Decisions

  1. Myven currently does not make fully automated decisions that materially affect user rights or obligations, such as credit scoring, hiring, price discrimination, or contract refusal.
  2. The beta early-access or waitlist classification is a first-come operating rule based on signup sequence and capacity. Users may request an explanation or correction through the customer support contact details on the [Company](/company) page.

11. Security Measures

  1. Myven limits access to personal information through access controls and permission checks.
  2. Myven applies safeguards such as encrypted transmission, secret management, and file type and size limits.
  3. Myven manages service operation records and analytics records so unnecessary direct identifiers are not included.
  4. Public performance analytics is handled in a way that makes direct identification difficult.
  5. If a security incident occurs, Myven will notify, report, mitigate harm, and prevent recurrence as required by applicable law.

12. Rights Requests

  1. Users and legal representatives may exercise rights available under applicable law, including access, transfer, correction, deletion, suspension of processing, consent withdrawal, and requests to refuse or explain automated decisions.
  2. Requests can be sent through the customer support contact details on the [Company](/company) page. Myven verifies the requester or authorized representative and responds within the period required by law.
  3. Some requests may be limited, anonymized, or handled through separated retention where legal retention, security, abuse prevention, dispute handling, transactions, settlement, tax records, or third-party rights require it.

13. Privacy Contact and Remedies

  1. Privacy inquiries, rights requests, complaints, and remedy requests may be sent through the customer support contact details on the [Company](/company) page.
  2. The privacy officer, privacy request handler, and contact details are available on the [Company](/company) page.
  3. For privacy infringement consultation or reporting in Korea, users may contact the KISA Privacy Infringement Report Center at privacy.kisa.or.kr or 118, the Personal Information Dispute Mediation Committee at kopico.go.kr, or the Personal Information Protection Commission portal at privacy.go.kr. Criminal or investigation matters may be directed to the relevant law-enforcement agency.